CVE-2022-50299
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression β€œ200 – len” to wrap around to a large positive number. Fix this by using scnprintf() instead, which returns the actual number of characters written into the buffer. [ 1513.267938] ------------[ cut here ]------------ [ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510 [ 1513.267944] Modules linked in: <snip> [ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu [ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510 <-snip-> [ 1513.267982] Call Trace: [ 1513.267986] snprintf+0x45/0x70 [ 1513.267990] ? disk_name+0x71/0xa0 [ 1513.267993] dump_zones+0x114/0x240 [raid0] [ 1513.267996] ? _cond_resched+0x19/0x40 [ 1513.267998] raid0_run+0x19e/0x270 [raid0] [ 1513.268000] md_run+0x5e0/0xc50 [ 1513.268003] ? security_capable+0x3f/0x60 [ 1513.268005] do_md_run+0x19/0x110 [ 1513.268006] md_ioctl+0x195e/0x1f90 [ 1513.268007] blkdev_ioctl+0x91f/0x9f0 [ 1513.268010] block_ioctl+0x3d/0x50 [ 1513.268012] do_vfs_ioctl+0xa9/0x640 [ 1513.268014] ? __fput+0x162/0x260 [ 1513.268016] ksys_ioctl+0x75/0x80 [ 1513.268017] __x64_sys_ioctl+0x1a/0x20 [ 1513.268019] do_syscall_64+0x5e/0x200 [ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50299
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.10 (inc) to 4.14.296 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.262 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.220 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.150 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.75 (exc)
linux linux_kernel From 5.16 (inc) to 5.19.17 (exc)
linux linux_kernel From 6.0 (inc) to 6.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by monitoring system logs for specific kernel warnings related to snprintf usage in the md (multiple device) subsystem. Look for kernel log messages similar to the warning shown in the description, such as messages containing 'WARNING: CPU' and references to vsnprintf or snprintf in the mdadm context. You can use commands like 'dmesg | grep -i snprintf' or 'journalctl -k | grep -i snprintf' to search for these warnings in kernel logs.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this issue is fixed, specifically where snprintf calls in the md subsystem are replaced with scnprintf to prevent buffer overflow warnings. Until an update is applied, monitor system logs for the warning and avoid configurations that cause the total characters in block device names plus slashes to exceed 200, which triggers the issue.

Executive Summary

This vulnerability occurs in the Linux kernel's md (multiple device) component where the use of snprintf() can cause a warning or error when the total length of block device names plus slashes exceeds 200 characters. snprintf() returns the number of characters that would have been written, which can cause an integer wraparound in the expression "200 - len" leading to unexpected behavior. The fix replaces snprintf() with scnprintf(), which returns the actual number of characters written, preventing this wraparound and the associated warning.

Impact Analysis

This vulnerability can cause warnings or errors in the Linux kernel when handling device names longer than expected, potentially leading to instability or unexpected behavior in the md subsystem. This could affect system reliability or cause issues in managing RAID devices, but it does not directly indicate a security breach or data compromise.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50299. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart